0c92cbe9b87bda122869b56d70e4cd41a2964558344943bc666cd7717947a41f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c92cbe9b87bda122869b56d70e4cd41a2964558344943bc666cd7717947a41f
Size

2.2MB
Sample

221004-gpftyaegc4
MD5

33347da10879698ca6faad5b2571ef1e
SHA1

69238968c6aa6834a07a7c4afc84adac2af94380
SHA256

0c92cbe9b87bda122869b56d70e4cd41a2964558344943bc666cd7717947a41f
SHA512

652ef4a9b167d739054d624c6cae3c3eae92f99530c01d547463af975d246af1affebb51a90aa94ede4cb99c68435bb49d2a3dd5ad9620243ed9f0166a620a9f
SSDEEP

49152:oSGixi7Dn+KVBhRzPQgzLT1epmhPLvhgD33WqCfxRHw07kO1psQp03e:oB3VVPkayaqkEjmpsQp03e

Score

7^/10

evasion

Malware Config

Targets

- Target
  
  0c92cbe9b87bda122869b56d70e4cd41a2964558344943bc666cd7717947a41f
- Size
  
  2.2MB
- MD5
  
  33347da10879698ca6faad5b2571ef1e
- SHA1
  
  69238968c6aa6834a07a7c4afc84adac2af94380
- SHA256
  
  0c92cbe9b87bda122869b56d70e4cd41a2964558344943bc666cd7717947a41f
- SHA512
  
  652ef4a9b167d739054d624c6cae3c3eae92f99530c01d547463af975d246af1affebb51a90aa94ede4cb99c68435bb49d2a3dd5ad9620243ed9f0166a620a9f
- SSDEEP
  
  49152:oSGixi7Dn+KVBhRzPQgzLT1epmhPLvhgD33WqCfxRHw07kO1psQp03e:oB3VVPkayaqkEjmpsQp03e
Score

7^/10

evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2